Security Expert Fools, Records Fake Antivirus Scammers – Dark Reading

One of the many phone-call scams going around, nothing new, except a curious IT researcher recorded the audio and detailed their entire process (full details in link).

Short version:

* Call center calls up, claiming to be of Microsoft and having received alerts of malware from user’s machine. Often this involves getting the user to launch the MMC Event Viewer, where there will be undoubtedly application or system notices (which are usually harmless) – citing them as ‘malware’.

* Requests user navigate to a legitimate remote desktop website (such as LogMeIn or ShowMyPC), where they enter a code to give full control to the remote caller.

* Once they have control, they will either point the browser to their own website where credit card details are requested (payment can be routed through a legitimate payment processor).

* If the user is unconvinced at this stage, the remote operator takes to disabling vital Windows services, or forcing Windows to launch in Safe Mode continually to cause more damage.

* It does not appear they sniff through hard disk contents, or disable AV / firewall. It also does not appear that they are very technically proficient.

+Troy Hunt also did something similar a while back, you can read his experience here – http://www.troyhunt.com/2012/02/scamming-scammers-catching-virus-call.html

Or watch a collection of videos here – 
http://www.troyhunt.com/2012/06/how-logmein-is-enabling-scammers-to.html

Security Expert Fools, Records Fake Antivirus Scammers – Dark Reading

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s